Closed Bug 741812 Opened 13 years ago Closed 11 years ago

[Security Review][Action Item]Marionette - AMO Review Information

Categories

(addons.mozilla.org Graveyard :: Add-on Validation, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
2013-06-13

People

(Reporter: curtisk, Assigned: basta)

Details

(Whiteboard: [qa-])

add verification checking for AMO reviewers
Summary: [Security Review][Action Item]Marionette → [Security Review][Action Item]Marionette - AMO Review Information
We are not building or packaging marionette in any of the firefox builds we release, so add-ons (and any other script) will not have access to any of the modules at this time. We are only building marionette for B2G builds by default, which is fine for now as they use it for testing.

Once we migrate more of our Firefox testing tools to Marionette, we may start packaging parts of Marionette in release builds. At that point, we should add verification checking.


How should we keep track of this bug for when it becomes relevant for Firefox?
I am going to close this won'tfix for now, if/when we do put this stuff in firefox we can reopen this. Is there a bug I could put this as blocking so we don't lose all track of this?
Blocks: 741838
No longer depends on: 741838
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
We are now considering shipping this in optimized builds (see bug 870445) so this bug is valid again. AMO reviewers should watch for addons which
  * manipulate these prefs
  * attempt to use the marionette APIs

There may well be legitimate testing add-ons that use these, so they should not be prohibited; we just need to make sure that they aren't used secretly from an add-on for which it's irrelevant and inappropriate.
Blocks: 870576, 870445
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Relevant prefs:

marionette.force-local
marionette.defaultPrefs.enabled
marionette.defaultPrefs.port
In addition to the above, we should flag any add-ons which attempt to use the following:

"@mozilla.org/marionette;1"
"{786a1369-dca5-4adc-8486-33d23c88010a}"
MarionetteComponent
MarionetteServer
Who is the right person to implement AMO checks for these things? I'd be happy to help but have no idea where to start.
Jorge: are you still maintaining the AMO validator? If not please point us in the right direction.

Shouldn't this bug be moved to the addons.mozilla.org product? I was thinking this was the security-review bug but that ended up being tracked in bug 870576; this is now a "let AMO reviewers know what they need to watch for" bug.

mdas is probably not the right assignee anymore.
Assignee: mdas → nobody
Component: Security Assurance → Add-on Validation
Flags: needinfo?(jorge)
Product: mozilla.org → addons.mozilla.org
Version: other → unspecified
We already flag non-extension preferences, so comment #4 shouldn't be necessary. Flagging what's in comment #5 is what matters in this case.

When do we need this by?
Assignee: nobody → mattbasta
Flags: needinfo?(jorge)
OS: Mac OS X → All
Hardware: x86 → All
This blocks landing of bug 870445, which dmose's team is investigating for use in testing Talkilla, so I think the answer is "as soon as possible".
No longer blocks: 741838
We should add specific checks for the preferences in comment 4. We only flag non-extension preferences in defaults/preferences/*.js, and in any case those preferences should warrant the same kind of special treatment we give network.* preferences.
So we (the Talkilla team) have decided that for reasons of code maturity, we need to go with a Selenium fork for the moment, but Marionette is clearly the architecturally sane path forward in the slightly longer term.

This means that it's not quite so urgent for us, but it'll be exciting to see this ride the trains into Firefox proper, as that should help it mature quickly and improve Firefox's standing as a development environment significantly.
Hey Matt, any update on this?  Is there anything I can do to help speed this along?  We are trying to land bug 870445 ahead of the Selenium Conference on June 10, and this is the only open blocker for that.
Flags: needinfo?(mattbasta)
Merged as https://github.com/mozilla/amo-validator/commit/4a40a7cd179c4d4eaa0a23d7ff9f8969456adfa2
Status: REOPENED → RESOLVED
Closed: 13 years ago → 11 years ago
Flags: needinfo?(mattbasta)
Resolution: --- → FIXED
Target Milestone: --- → 2013-06-13
Whiteboard: [qa-]
Product: addons.mozilla.org → addons.mozilla.org Graveyard
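
The checks requested in the comments above, sketched as an added example (this is not the code merged into amo-validator and not any commenter's code): a scanner that flags the listed prefs and identifiers for reviewer attention rather than rejecting the add-on. The `pref-branch` rule, the name `scan_addon` and the sample add-on files are assumptions constructed for illustration.

```python
import re

# Preference names and identifiers exactly as listed in the bug comments.
PREFS = ("marionette.force-local",
         "marionette.defaultPrefs.enabled",
         "marionette.defaultPrefs.port")
IDENTIFIERS = ("@mozilla.org/marionette;1",
               "{786a1369-dca5-4adc-8486-33d23c88010a}",
               "MarionetteComponent",
               "MarionetteServer")

RULES = [
    ("pref", re.compile("|".join(map(re.escape, PREFS)))),
    # Assumption (not from the bug): a quoted bare "marionette." is treated as
    # a pref branch lookup, which would hide the full pref name from rule 1.
    ("pref-branch", re.compile(r"""["']marionette\.["']""")),
    # The class ID is matched case-insensitively; the names are case-sensitive.
    ("api", re.compile("|".join(
        "(?i:%s)" % re.escape(s) if s.startswith("{") else re.escape(s)
        for s in IDENTIFIERS))),
]

def scan_addon(files):
    """Return (path, line number, rule, matched text) for each reviewer flag."""
    findings = []
    for path, text in sorted(files.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            for kind, rx in RULES:
                for m in rx.finditer(line):
                    findings.append((path, lineno, kind, m.group(0)))
    return findings

# Constructed sample add-on contents (path -> source text), not real code.
SAMPLE_ADDON = {
    "defaults/preferences/prefs.js":
        'pref("extensions.example.greeting", "hi");\n'
        'pref("marionette.defaultPrefs.enabled", true);\n',
    "chrome/content/overlay.js":
        'var b = Services.prefs.getBranch("marionette.");\n'
        'b.setIntPref("defaultPrefs.port", 2828);\n'
        'var c = Components.classes["@mozilla.org/marionette;1"];\n'
        'var id = Components.ID("{786A1369-DCA5-4ADC-8486-33D23C88010A}");\n',
    "chrome/content/clean.js": 'var puppet = "marionette theatre";\n',
}

if __name__ == "__main__":
    for finding in scan_addon(SAMPLE_ADDON):
        print("%s:%d [%s] %s" % finding)
```

Literal matching of this kind only surfaces candidates for a human reviewer; names assembled at runtime from smaller strings still need manual review.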